我想限制CORS請求到幾個特定的來源,但服務仍然向所有來源提供請求,而不僅僅是我指定的請求,並且我需要限制他們。Web API 2 CORS屬性不限制CORS請求
WebApiConfig.cs文件如下:
using System.Web.Http;
using System.Web.Http.Cors;
using System.Web.Http.OData.Builder;
using System.Web.Http.OData.Extensions;
using TCApiOdata.Models;
namespace TCApiOdata
{
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
ODataConventionModelBuilder builder = new ODataConventionModelBuilder();
//Entities here, no issues, they work fine.
config.Routes.MapODataServiceRoute("odata", "odata", builder.GetEdmModel());
// Web API routes
var cors = new EnableCorsAttribute("http://www.domain1.com,http://www.domain2.com", "*", "get", "DataServiceVersion, MaxDataServiceVersion");
config.EnableCors(cors);
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
}
我在做什麼錯誤是允許除了那些我指定其它產地的要求?我還應該注意到,我沒有任何控制器或操作上的裝飾......僅限於全局範圍。